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What is claimed is: 

1 . A method of routing a data unit targeted to one of a plurality of entities 
in a network, comprising: 

receiving the data unit, the data unit including security information and 
address information; ant 

translating the address information to an address of a target network 
entity based on the security information. 



1 2. The methofl of claim 1, wherein the address information in the data 

2 unit includes a common address associated with the plurality of network entities, and 

3 each network entity is assigned a unique network address, and wherein translating the 

4 address information includes translating the common address to one of the unique 

5 network addresses. 

1 3. The method o A claim 1, wherein receiving the data unit includes 

2 receiving an Internet Protocol packet. 

1 4. The method of claim 3, wherein translating the address information 

2 includes translating an Internet Protocol destination address. 

1 5. The method of claim 3, wherein receiving the data unit includes 

2 receiving a packet including Encapsulating Security Payload information. 

1 6. The method of claim 5, wherein translating the address information 

2 includes translating the address information based on a Security Parameters Index 

3 field of the Encapsulating Security Pay load information. 

1 7. The method of claim|3, wherein receiving the data unit includes 

2 receiving a packet including Internet! Security Association and Key Management 

3 Protocol information. 



1 8. The method of claim 71 wherein translating the address information 

2 includes translating the address information based on initiator and responder cookies 

3 of the Internet Security Association and Key Management Protocol information. 



9. The method of claim 1, further comprising creating one or more 
address translation tables used in the translation of address information, the one or 
more address translation tables each containing the address of at least one of the 
network entities and secumty information associated with the at least one network 
entity. \ 

10. The method of claim 9, further comprising matching the security 
information in the data unit with the information in the one or more address 
translation tables. 1 

11. A router for use in a network having one or more entities, the router 
comprising: 1 

an interface adapted to receive a data unit, the data unit containing a 
field having security information; and 

a translator adapted to generate an identifier of a network entity that 
the data unit is targeted for based on the security information. 

12. The router of claim 11, wherein the translator includes a many-to-one 
network address translator. 1 

13. The router of claim 11, wherein the data unit further contains an 
address associated with the router .1 

14. The router of claim 13, wherein the translator is adapted to further 
replace the address with the identifier of the target network entity. 

15. The router of claim 1 L wherein the data unit includes an Internet 
Protocol packet. 1 

16. The router of claim 15,\wherein the data unit contains a Security 
Parameters Index field in an Encapsulating Security Payload header. 
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1 17. The ro Liter of claim 15, wherein the data unit contains initiator and 

2 responder cookies in iin Internet Security Association and Key Management Protocol 

3 header. 

1 18. The router of claim 11, further comprising a storage medium storing 

2 one or more tables containing routing information accessible by the translator. 

1 19. The router of claim 1 8, wherein the routing information includes 

2 security information and a corresponding identifier of a network entity. 

1 20. An article including one or more machine-readable storage media 

2 containing instructions for routing a data unit targeted to an entity on a network, the 

3 instructions when executed causing a system to: 

4 receive the data Wit, the data unit containing security information to 

5 provide secure communications of the data unit; and 

6 determine an address of the network entity based on the security 

7 information. 

1 21 . The article of claiii 20, wherein the one or more machine-readable 

2 storage media contain instructionslthat when executed causes the system to translate 

3 an address in the data unit to the address of the network entity based on the security 

4 information. 

1 22. The article of claim 21, wherein the one or more machine-readable 

2 storage media contain instructions that when executed causes the system to translate 

3 the address based on Encapsulating P^yload Security information. 

1 23. The article of claim 21, wherein the one or more machine-readable 

2 storage media contain instructions that when executed causes the system to translate 

3 the address based on Internet Security Association and Key Management Protocol 

4 information. 

1 24. The article of claim 20, wherein the one or more machine-readable 

2 storage media contain instructions that when executed causes the system to access an 
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3 address translation tattle to match the security information in the data unit to 

4 information in the address translation table. 

1 25. The article of claim 24, wherein the one or more machine-readable 

2 storage media contain instructions that when executed causes the system to match 

3 address and security information in the data unit with address and security 

4 information in the address! translation table. 

1 26. A data signal embodied in a carrier wave comprising one or more code 

2 segments containing instructions for routing a data unit to one of a plurality of 

3 network entities, the instructions when executed causing a system to: 

4 receive the data unit having security information and a destination 

5 address; 1 

6 access one or more translation tables each containing security 

7 information and an address of a network entity; and 

8 convert the destination address of the data unit to the network entity 

9 address. \ 

1 27. A storage medium containing a data structure accessible by a system 

2 for routing a data unit to an entity in a network, the data unit containing a first 

3 destination address and the network entity having a second address, the data structure 

4 comprising the first destination Address, the second address, and security information 

5 useable by the system to match tne first destination address to the second address 

6 based on the security information. 

1 28. A communicationslnetwork, comprising: 

2 a first network including a plurality of entities and a router, the router 

3 including a network address translator; and 

4 a node capable of communicating data units with entities in the first 

5 network, each data unit including security information, 

6 the network address translator adapted to convert a destination address 

7 in a received data unit from the node to an address of one of the entities based on the 

8 security information in the received data unit. 
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1 29. A system for use in a network having a plurality of entities, the system 

2 comprising: \ 

3 means for communicating data units originated by and destined for the 

4 plurality of network entities; and 

5 means foAcreating information accessible for routing data units, the 

6 information containing addresses of the network entities and corresponding security 

7 information \ 

1 30. The system of claim 29, further comprising: 

2 means for accessing the created information to perform routing of the 

3 data units based on security information contained in the data units. 

a 

'■M 1 31. The system of claim 30, wherein the accessing means includes a 

in 2 network address translator. 1 

m \ 

m \ 

1 32. The system of claim 30, wherein the accessing means matches address 

J: \ 

1^ 2 and security information in the data units to corresponding address and security 

ijf 3 information in the created information 

; nI \ 
s \ 

; j3 1 33. The system of claim 29, wherein the security information includes 

2 Encapsulating Security Payload iriformation. 

1 34. The system of claim 29, wherein the security information includes 

2 Internet Security Association and Key Management Protocol information. 



